CN113743512A - Autonomous learning judgment method and system for safety alarm event - Google Patents


Info

Publication number
CN113743512A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111047170.1A
Other languages
Chinese (zh)
Inventor
孙宇
胡绍勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Information and Data Security Solutions Co Ltd
Original Assignee
Information and Data Security Solutions Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/21 Design or setup of recognition systems or techniques; Extraction of features in feature space; Blind source separation
    • G06F18/214 Generating training patterns; Bootstrap methods, e.g. bagging or boosting
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/24 Classification techniques
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N20/00 Machine learning
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/0631 Management of faults, events, alarms or notifications using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433 Vulnerability analysis

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Artificial Intelligence (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Evolutionary Computation (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Evolutionary Biology (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Medical Informatics (AREA)
  • Mathematical Physics (AREA)
  • Alarm Systems (AREA)

Abstract

A safety alarm event autonomous learning judgment method and system, belonging to the technical field of data processing, solve the problem of judging through autonomous learning whether given alarm data is a security vulnerability when the volume of alarm data is massive. The method comprises: constructing a safety event judgment model, training the safety event judgment model, correcting errors of the calculation results, and inputting current alarm data for judgment. The advantages are that the characteristics of historical alarm data are learned and new data is judged automatically, so that nobody has to face the massive raw data manually, manual errors are reduced, and efficiency is greatly improved.

Description

Autonomous learning judgment method and system for safety alarm event
Technical Field
The invention belongs to the technical field of data processing, and relates to a safety alarm event autonomous learning judgment method and system.
Background
As shown in fig. 4, the existing process of converting alarm data into security events relies entirely on manual judgment and processing: security monitoring personnel must review the data by hand to determine which items are potential system safety hazards and vulnerabilities. Alarm data is large in volume, multi-dimensional and strongly real-time; a typical alarm record contains 10-20 attributes of raw data, such as category, level, description, IP, protocol and port. A human auditor needs to review these attributes and make a decision as specified. Assuming an auditor can finish judging one piece of alarm data in 1 minute, one auditor can review only 8 × 60 = 480 alarms in 8 hours of working time. Processing 48,000 pieces of data a day would require 100 auditors, and 4.8 million pieces would require 10,000 auditors, which is obviously impractical. The efficiency of manual review cannot keep up with growing data volumes and increasingly strict enterprise real-time requirements, and manual judgment suffers from errors, oversights and low efficiency.
To overcome the difficulty of manual review, machines need to be introduced for automatic processing. The judgment rules are configured in a system; after alarm data is received it is matched against the rule base, and if a rule matches, the corresponding processing is performed. However, conventional rule processing has limitations: a rule is usually not changed after it is set, so if the rule contains an error, the error accumulates continuously. Moreover, when data not covered by any rule is encountered, the judgment is missed. In the prior art, the Chinese patent application "An intelligent alarm method for network security incidents", publication number CN110457906A, published on November 15, 2019, discloses the following steps. Hyper-parameter optimization: the model parameters θ of a long short-term memory network model following quantile regression are optimized on historical network security data to obtain the optimal model parameters. Training and solidifying: the long short-term memory network model following quantile regression is trained offline and solidified using the optimized model parameters. Intelligent alarm interval calculation: an intelligent alarm interval for network security is calculated by the long short-term memory network model following quantile regression from online network security data. Interval comparison: the online network security data is compared with the intelligent alarm interval, and an alarm is raised if the data falls outside the interval. However, that document does not solve the problem of missed judgments when a machine-learning intelligent judgment algorithm encounters data not covered by the rules.
Disclosure of Invention
The invention aims to design a safety alarm event autonomous learning judgment method and system, so as to solve the problem of judging through autonomous learning whether given alarm data is a security vulnerability when the volume of alarm data is massive.
The invention solves the technical problems through the following technical scheme:
A safety alarm event autonomous learning judgment method comprises the following steps:
S1, constructing a safety event judgment model, wherein the safety event judgment model comprises a score function and a judgment function;
S2, training the safety event judgment model: initializing each weight value of the score function, reading a historical data sample set, converting the historical data sample set into matrix form, inputting each piece of alarm data in the matrix into the score function to obtain a corresponding score value, and substituting the score value of each piece of alarm data into the judgment function to obtain a calculation result;
S3, error correction of the calculation result: subtracting the corresponding calculation result from the real result of the alarm data to obtain a result error value, judging the result error value, adjusting each weight value of the score function according to the judgment result, and finishing the training of the safety event judgment model;
S4, inputting current alarm data for judgment: substituting the current alarm data into the trained score function to obtain the score value of the current alarm data, substituting the score value into the judgment function to obtain a calculation result, and judging from the calculation result whether the current alarm data is a security vulnerability.
According to this technical scheme, the safety event judgment model is constructed, the characteristics of historical alarm data are learned, errors of the calculation results are corrected, and current alarm data is input for judgment, so that new data is judged automatically, nobody has to face the massive raw data manually, manual errors are reduced, and efficiency is greatly improved.
As a further improvement of the technical solution of the present invention, the score function in step S1 is $y = w_0 + w_1x_1 + \dots + w_nx_n$ and the judgment function is $h(y) = \mathrm{sigmoid}(y)$, where $x_1 \dots x_n$ respectively represent the 1st to n-th dependent variables corresponding to the alarm data, $w_1 \dots w_n$ are the weight values of $x_1 \dots x_n$ respectively, and $w_0$ is a fixed value used to adjust the output value.
As a further improvement of the technical solution of the present invention, the historical data sample set in step S2 includes: attribute values and judgment results, wherein the attribute values comprise alarm types, alarm levels, asset numbers, application layer protocols and alarm ports.
As a further improvement of the technical solution of the present invention, in step S3, the result error value is judged by using a square loss function or a logarithmic loss function.
As a further improvement of the technical solution of the present invention, the step S3 of adjusting each weight value of the score function according to the evaluation result and completing the training of the security event judgment model includes:
Step S31, when the result error value is positive, the weight values of the score function are adjusted down, and when the result error value is negative, the weight values of the score function are adjusted up;
step S32, obtaining new score values of each alarm data according to the adjusted score function;
and repeating the steps S31 and S32, and finishing the training of the safety event judgment model when the new score value is optimal.
A security alarm event autonomous learning decision system, comprising: the system comprises a model building module, a model training module, an error correction module and a judgment module;
the model building module is used for constructing a safety event judgment model, and the safety event judgment model comprises: a scoring function and a judging function;
the model training module is used for training the safety event judgment model: initializing each weight value of a score function, reading a historical data sample set, converting the historical data sample set into a matrix form, inputting each alarm data in the matrix into the score function to obtain a corresponding score value, and substituting the score value of each alarm data into a judgment function to obtain a calculation result;
the error correction module is used for correcting the error of the calculation result: subtracting the corresponding calculation result from the real result of the alarm data to obtain a result error value, judging the result error value, adjusting each weight value of the score function according to the judgment result and finishing the training of the safety event judgment model;
the judging module is used for inputting current alarm data for judgment: and substituting the current alarm data into the trained score function to obtain a score value of the current alarm data, and substituting the score value into a judgment function to obtain a calculation result so as to judge whether the current alarm data is a security vulnerability.
As a further improvement of the technical solution of the present invention, the score function in the model building module is $y = w_0 + w_1x_1 + \dots + w_nx_n$ and the judgment function is $h(y) = \mathrm{sigmoid}(y)$, where $x_1 \dots x_n$ respectively represent the 1st to n-th dependent variables corresponding to the alarm data, $w_1 \dots w_n$ are the weight values of $x_1 \dots x_n$ respectively, and $w_0$ is a fixed value used to adjust the output value.
As a further improvement of the technical scheme of the invention, the historical data sample set in the model training module comprises: attribute values and judgment results, wherein the attribute values comprise alarm types, alarm levels, asset numbers, application layer protocols and alarm ports.
As a further improvement of the technical scheme of the invention, the error correction module adopts a square loss function or a logarithmic loss function to judge the result error value.
As a further improvement of the technical solution of the present invention, the error correction module includes:
the weight value adjusting submodule is used for reducing each weight value of the score function when the result error value is positive and increasing each weight value of the score function when the result error value is negative;
the calculating submodule is used for obtaining a new score value of each alarm data according to the adjusted score function;
and the determining submodule is used for finishing the training of the safety event judgment model when the new score value is optimal.
The invention has the advantages that:
According to this technical scheme, the safety event judgment model is constructed, the characteristics of historical alarm data are learned, errors of the calculation results are corrected, and current alarm data is input for judgment, so that new data is judged automatically, nobody has to face the massive raw data manually, manual errors are reduced, and efficiency is greatly improved.
Drawings
FIG. 1 is a flow chart of a method for autonomous learning and determining a security alarm event according to an embodiment of the present invention;
FIG. 2 is a diagram of mapping alarm data to points on a plane according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of various types of dots divided by a straight line in accordance with an embodiment of the present invention;
FIG. 4 is a schematic diagram illustrating a conventional manual determination of a security alarm event;
fig. 5 is a schematic diagram of the safety warning event autonomous learning determination principle of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the embodiments of the present invention, and it is obvious that the described embodiments are some embodiments of the present invention, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As described in the background art, the problem of missed judgment exists when alarms are currently processed, but this problem can be effectively solved by an intelligent judgment algorithm based on machine learning, as shown in fig. 5: in the application, a number of "rules" (actually parameters of an algorithm) are summarized from a large amount of historical data to initialize the system. While the system runs, the algorithm is further optimized with the continuously accumulated data, which increases robustness and reduces missed judgments.
The technical scheme of the invention is further described below with reference to the drawings and the specific embodiments:
Example one
As shown in fig. 1, an autonomous learning and determining method for a security alarm event includes the following steps:
1. Constructing a security event judgment model, wherein the security event judgment model comprises a score function and a judgment function. The score function is $y = w_0 + w_1x_1 + \dots + w_nx_n$ and the judgment function is $h(y) = \mathrm{sigmoid}(y)$, where $x_1 \dots x_n$ respectively represent the 1st to n-th dependent variables corresponding to the alarm data, $w_1 \dots w_n$ are the weight values of $x_1 \dots x_n$ respectively, and $w_0$ is a fixed value used to adjust the output value.
2. Training a safety event judgment model: initializing each weight value of a score function to 1, reading a historical data sample set, converting the historical data sample set into a matrix form, inputting each alarm data in the matrix into the score function to obtain a corresponding score value, and substituting the score value of each alarm data into a judgment function to obtain a calculation result; the historical data sample set comprises: attribute values and a judgment result, wherein the attribute values are respectively as follows: alarm type, alarm level, number of assets, application layer protocol, alarm port.
3. Error correction of the calculation results: subtracting the calculation result from the real data result to obtain a result error value, judging the error value, and correspondingly reducing or increasing each weight value of the score function according to the judgment result; the error value is judged by adopting a square loss function.
4. Inputting current alarm data for judgment: substituting the current alarm data into the trained score function to obtain the score value of the current alarm data, and substituting the score value into the judgment function to obtain a calculation result, so as to judge whether the current alarm data is a security vulnerability. The judgment is made as follows: when the calculation result is between 0 and 0.5, the alarm data is judged not to be a security vulnerability; when the calculation result is between 0.5 and 1, it is judged to be a security vulnerability.
As shown in fig. 2, to determine whether a given piece of alarm data is a security event, the argument can take only the values 0 and 1, which respectively indicate whether or not the alarm data is a security event. There are many dependent variables, such as alarm type, alarm level, risk value, number of associated assets, associated units, etc. A security event judgment function therefore needs to be designed that accepts arbitrary dependent variables as input and outputs a result of 0 or 1.
All data are each mapped to a point on a plane, and different types of points are represented by different shapes (for example, the squares and triangles in the figure represent two different types of points). The points are then distributed over different areas with a separable space between them, and the boundary is a curve. Although a curve can divide the areas perfectly, it is complicated to express mathematically and is not suitable for engineering application.
Owing to the particularity of the business data in this embodiment of the invention (the result is either "0" or "1"), the different types of points can, as shown in fig. 3, be separated by a straight line. The equation of this line can be expressed as $y = w_0 + w_1x_1 + \dots + w_nx_n$, where $x_1 \dots x_n$ respectively represent the 1st to n-th dependent variables corresponding to the alarm data, $w_1 \dots w_n$ are the weight values of $x_1 \dots x_n$ respectively, and $w_0$ is a fixed value used to adjust the output value.
The respective weight values then need to be calibrated with real alarm data. The specific process is as follows:
A boundary value is set, the alarm data is input into the security event judgment function, and the result is compared with the boundary value: if it is greater than the boundary value, the data is judged to belong to class 1, and if it is less than the boundary value, it is judged to belong to class 2. This realizes the intelligent classification function. For example, a sample set is given in which each sample has five dimension values (alarm type, alarm level, number of assets, application layer protocol, alarm port) and a result value. If the value of a dimension is not a number, it is mapped to a number through a mapping rule so that it can be used in mathematical calculation. The mapping rules differ from dimension to dimension, as shown in the following table:
| Dimension | True value | Mapping value |
|---|---|---|
| Application layer protocol | http | 1 |
| Application layer protocol | tcp | 2 |
| Application layer protocol | udp | 3 |
| Alarm port | 80 | 1 |
| Alarm port | 22 | 2 |
| Alarm port | 3306 | 3 |
The mapping table is extended continuously according to the business situation. There are two possible sample results, represented by 0 and 1, and the data is shown below:
[Table image not reproduced in this text: sample data]
The task of machine learning is to find a function that predicts the probability of a result of 1 given the values of two dimensions of a datum. The model for this function is as follows: $h(y) = \mathrm{sigmoid}(y)$, $y = w_0 + w_1x_1 + \dots + w_nx_n$.
sigmoid is an S-curve function, also called a logistic function. Whatever parameter is passed in, it returns a result between 0 and 1, which makes it particularly suitable for yes-or-no decisions of this kind: for example, a function value between 0 and 0.5 is considered "no" and a value between 0.5 and 1 is considered "yes". What we pass in here is the "score" of each alarm. The y function describes the score of each piece of alarm data: x denotes an individual attribute of the alarm data and w denotes the weight, or coefficient, of that attribute. Finally, every attribute of the alarm is multiplied by its coefficient and the products are added up to give one value, which is the score value of the alarm.
The problem now becomes finding the optimal values of the parameters w (w0, w1, …, wn) from the existing sample data. We first give w some initial values and then substitute the data of sample 1 and sample 2 to see how well the function predicts. Assume the predicted value for sample 1 is p1 = 0.8 and the predicted value for sample 2 is p2 = 0.4.
The error of the function on sample 1 is E1 = 1 - 0.8 = 0.2, the error on sample 2 is E2 = 0 - 0.4 = -0.4, and the total error is E = E1 + E2 = -0.20, as shown in the following table:
[Table image not reproduced in this text: predicted values and errors for sample 1 and sample 2]
Knowing the error of the algorithm, we need to improve the algorithm to minimize the error. There are many methods for judging the error value, such as the square loss function and the logarithmic loss function. The square loss function is the least-squares method, whose underlying principle is the central limit theorem: the difference between the predicted value and the actual value of each test datum is squared, and the squares are accumulated.
For sample 1, the predicted value is smaller than the theoretical value, so we want to increase the function output, that is, increase the value of w1·x1. Since x1 is negative, the value of w1 must be reduced to achieve this. For sample 2, the predicted value is larger than the theoretical value, so we want to reduce the function output, that is, decrease the value of w1·x1. Since x1 is negative, the value of w1 must be increased to achieve this. With the same algorithm, raising the coefficient makes the algorithm more accurate for sample 1, while lowering the coefficient makes it more accurate for sample 2, so a trade-off is needed. For example, if after raising the coefficient the error of sample 1 falls greatly while the error of sample 2 rises only slightly, the coefficient can be raised. The size of each adjustment can be expressed by a variable alpha, and the adjustment is tried again and again in very small steps. The attempts stop when the final accuracy is highest.
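The following Python sketch is an added example, not part of the patent text: it carries steps 1-4 through on a small sample set, including the value mapping table and its extension for unseen values. The sample alarms, the min-max scaling of attributes, the use of the logarithmic loss and the gradient step w ← w + alpha·(real − calculated)·x, taken here in place of the sign-based up/down adjustment, are assumptions of this example.

```python
import math

FIELDS = ("alarm_type", "level", "assets", "protocol", "port")

def new_mapping():
    """Mapping rules from the table above (true value -> mapping value)."""
    return {"protocol": {"http": 1, "tcp": 2, "udp": 3},
            "port": {80: 1, 22: 2, 3306: 3}}

def encode(alarm, mapping):
    """Return (x, added): the numeric vector x1..xn and values newly mapped.

    An unseen value gets the next free number, i.e. the table is extended.
    """
    x, added = [], []
    for field in FIELDS:
        value = alarm[field]
        table = mapping.get(field)
        if table is not None:
            if value not in table:
                table[value] = max(table.values()) + 1
                added.append((field, value))
            value = table[value]
        x.append(float(value))
    return x, added

def sigmoid(y):
    """Judgment function h(y); two branches keep exp() from overflowing."""
    if y >= 0:
        return 1.0 / (1.0 + math.exp(-y))
    e = math.exp(y)
    return e / (1.0 + e)

class AlarmJudge:
    def __init__(self, n):
        self.w = [1.0] * (n + 1)            # w0..wn, each initialised to 1
        self.lo, self.hi = [0.0] * n, [1.0] * n

    def _scale(self, x):
        # Assumption of this example: min-max scale each attribute to [0, 1].
        return [(v - lo) / (hi - lo) if hi > lo else 0.0
                for v, lo, hi in zip(x, self.lo, self.hi)]

    def score(self, x):
        """Score function y = w0 + w1*x1 + ... + wn*xn."""
        return self.w[0] + sum(w * v for w, v in zip(self.w[1:], self._scale(x)))

    def judge(self, x):
        """Return (h(y), verdict); verdict is True when h(y) is 0.5 or more."""
        p = sigmoid(self.score(x))
        return p, p >= 0.5

    def log_loss(self, X, t):
        total = 0.0
        for x, ti in zip(X, t):
            p = min(max(sigmoid(self.score(x)), 1e-12), 1 - 1e-12)
            total -= ti * math.log(p) + (1 - ti) * math.log(1 - p)
        return total / len(X)

    def train(self, X, t, alpha=0.5, epochs=5000):
        """Adjust the weights in small steps; return (loss before, loss after)."""
        cols = list(zip(*X))
        self.lo, self.hi = [min(c) for c in cols], [max(c) for c in cols]
        before = self.log_loss(X, t)
        for _ in range(epochs):
            step = [0.0] * len(self.w)
            for x, ti in zip(X, t):
                err = ti - sigmoid(self.score(x))   # real result - calculated result
                step[0] += err
                for j, v in enumerate(self._scale(x), start=1):
                    step[j] += err * v
            self.w = [w + alpha * s / len(X) for w, s in zip(self.w, step)]
        return before, self.log_loss(X, t)

# Constructed sample set: five attribute values and a result (1 = vulnerability).
TRAIN = [
    ({"alarm_type": 1, "level": 1, "assets": 2, "protocol": "http", "port": 80}, 0),
    ({"alarm_type": 2, "level": 2, "assets": 5, "protocol": "http", "port": 80}, 0),
    ({"alarm_type": 3, "level": 1, "assets": 1, "protocol": "http", "port": 80}, 0),
    ({"alarm_type": 1, "level": 4, "assets": 3, "protocol": "tcp", "port": 22}, 1),
    ({"alarm_type": 2, "level": 5, "assets": 1, "protocol": "tcp", "port": 3306}, 1),
    ({"alarm_type": 3, "level": 5, "assets": 5, "protocol": "udp", "port": 3306}, 1),
]

def demo():
    mapping = new_mapping()
    X = [encode(alarm, mapping)[0] for alarm, _ in TRAIN]
    t = [result for _, result in TRAIN]
    model = AlarmJudge(len(FIELDS))
    before, after = model.train(X, t)
    return mapping, model, X, t, before, after

if __name__ == "__main__":
    mapping, model, X, t, before, after = demo()
    print(f"log loss {before:.3f} -> {after:.4f}")
    new = {"alarm_type": 2, "level": 4, "assets": 2, "protocol": "dns", "port": 22}
    x, added = encode(new, mapping)
    print(model.judge(x), "newly mapped:", added)
```

A value that `encode` reports as newly mapped lies outside the range the weights were fitted on, so its score is an extrapolation; such alarms are candidates for manual review until the model is retrained.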
The above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. A safety alarm event autonomous learning judgment method is characterized by comprising the following steps:
S1, constructing a safety event judgment model, wherein the safety event judgment model comprises: a score function and a judgment function;
S2, training the safety event judgment model: initializing each weight value of the score function, reading a historical data sample set, converting the historical data sample set into matrix form, inputting each piece of alarm data in the matrix into the score function to obtain a corresponding score value, and substituting the score value of each piece of alarm data into the judgment function to obtain a calculation result;
S3, error correction of the calculation result: subtracting the corresponding calculation result from the real result of the alarm data to obtain a result error value, judging the result error value, adjusting each weight value of the score function according to the judgment result, and finishing the training of the safety event judgment model;
S4, inputting current alarm data for judgment: substituting the current alarm data into the trained score function to obtain the score value of the current alarm data, substituting the score value into the judgment function to obtain a calculation result, and judging from the calculation result whether the current alarm data is a security vulnerability.
2. The method as claimed in claim 1, wherein the score function in step S1 is $y = w_0 + w_1x_1 + \dots + w_nx_n$ and the judgment function is $h(y) = \mathrm{sigmoid}(y)$, where $x_1 \dots x_n$ respectively represent the 1st to n-th dependent variables corresponding to the alarm data, $w_1 \dots w_n$ are the weight values of $x_1 \dots x_n$ respectively, and $w_0$ is a fixed value used to adjust the output value.
3. The method for autonomously learning and determining a security alarm event according to claim 1, wherein the historical data sample set in step S2 includes: attribute values and judgment results, wherein the attribute values comprise alarm types, alarm levels, asset numbers, application layer protocols and alarm ports.
4. The method for autonomously learning and determining a security alarm event according to claim 1, wherein in step S3, the result error value is determined by a square loss function or a logarithmic loss function.
5. The method as claimed in claim 1, wherein the step S3 of adjusting the weight values of the score function according to the evaluation result and completing the training of the security event judgment model comprises:
Step S31, when the result error value is positive, the weight values of the score function are adjusted down, and when the result error value is negative, the weight values of the score function are adjusted up;
step S32, obtaining new score values of each alarm data according to the adjusted score function;
and repeating the steps S31 and S32, and finishing the training of the safety event judgment model when the new score value is optimal.
6. An autonomous learning decision system for a security alarm event, comprising: the system comprises a model building module, a model training module, an error correction module and a judgment module;
the model building module is used for constructing a safety event judgment model, and the safety event judgment model comprises: a scoring function and a judging function;
the model training module is used for training the safety event judgment model: initializing each weight value of a score function, reading a historical data sample set, converting the historical data sample set into a matrix form, inputting each alarm data in the matrix into the score function to obtain a corresponding score value, and substituting the score value of each alarm data into a judgment function to obtain a calculation result;
the error correction module is used for correcting the error of the calculation result: subtracting the corresponding calculation result from the real result of the alarm data to obtain a result error value, judging the result error value, adjusting each weight value of the score function according to the judgment result and finishing the training of the safety event judgment model;
the judging module is used for inputting current alarm data for judgment: and substituting the current alarm data into the trained score function to obtain a score value of the current alarm data, and substituting the score value into a judgment function to obtain a calculation result so as to judge whether the current alarm data is a security vulnerability.
7. The system of claim 6, wherein the score function in the model building module is $y = w_0 + w_1x_1 + \dots + w_nx_n$ and the judgment function is $h(y) = \mathrm{sigmoid}(y)$, where $x_1 \dots x_n$ respectively represent the 1st to n-th dependent variables corresponding to the alarm data, $w_1 \dots w_n$ are the weight values of $x_1 \dots x_n$ respectively, and $w_0$ is a fixed value used to adjust the output value.
8. The system of claim 6, wherein the historical data sample set in the model training module comprises: attribute values and judgment results, wherein the attribute values comprise alarm types, alarm levels, asset numbers, application layer protocols and alarm ports.
9. The system of claim 6, wherein the error correction module employs a square loss function or a logarithmic loss function to evaluate the result error value.
10. The system of claim 6, wherein the error correction module comprises:
the weight value adjusting submodule is used for reducing each weight value of the score function when the result error value is positive and increasing each weight value of the score function when the result error value is negative;
the calculating submodule is used for obtaining a new score value of each alarm data according to the adjusted score function;
and the determining submodule is used for finishing the training of the safety event judgment model when the new score value is optimal.
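The modules of claims 6 to 10 chained together on a small alarm set, as an added example that is not code from the patent: a linear score function, a sigmoid judgment function, error-driven weight adjustment under logarithmic loss, and judgment of a new alarm. The sample alarms, the one-hot encoding, the learning rate, the stopping tolerance and the sign convention (error taken as calculated minus real, so that a positive error lowers the weights) are assumptions of this example.

```python
import math

# Constructed sample alarms (not from the patent): the five attributes named in
# claim 8 plus the analyst's real result (1 = true security event, 0 = false alarm).
KEYS = ("alarm_type", "level", "asset_no", "protocol", "port", "real")
HISTORY = [dict(zip(KEYS, r)) for r in [
    ("sql_injection", 4, "A-01", "http", 80, 1),
    ("sql_injection", 5, "A-02", "http", 8080, 1),
    ("port_scan", 1, "A-01", "tcp", 22, 0),
    ("port_scan", 2, "A-03", "tcp", 445, 0),
    ("webshell_upload", 5, "A-02", "http", 80, 1),
    ("weak_password", 2, "A-03", "ssh", 22, 0),
    ("webshell_upload", 4, "A-03", "http", 8080, 1),
    ("weak_password", 1, "A-01", "ssh", 22, 0)]]
CATEGORICAL = ("alarm_type", "asset_no", "protocol", "port")
W0 = 0.0  # fixed offset w0 of the score function (value assumed here)

def sigmoid(y):  # judgment function h(y), written to avoid overflow
    return 1 / (1 + math.exp(-y)) if y >= 0 else math.exp(y) / (1 + math.exp(y))

def to_row(alarm, vocab):
    """One matrix row: scaled level, then one-hot slots; unseen values stay 0."""
    x = [alarm["level"] / 5.0] + [0.0] * len(vocab)
    for f in CATEGORICAL:
        if (f, alarm[f]) in vocab:
            x[vocab[(f, alarm[f])]] = 1.0
    return x

def score(w, x):  # y = w0 + w1*x1 + ... + wn*xn
    return W0 + sum(wi * xi for wi, xi in zip(w, x))

def train(samples, lr=0.5, epochs=500, tol=0.05):
    vocab = {}
    for s in samples:
        for f in CATEGORICAL:
            vocab.setdefault((f, s[f]), len(vocab) + 1)
    rows = [to_row(s, vocab) for s in samples]
    w = [0.0] * (len(vocab) + 1)  # initialise every weight value
    for _ in range(epochs):
        loss = 0.0
        for x, s in zip(rows, samples):
            h = sigmoid(score(w, x))
            err = h - s["real"]  # > 0: scored too high, active weights are reduced
            loss -= math.log(max(h if s["real"] else 1 - h, 1e-12))  # log loss
            w = [wi - lr * err * xi for wi, xi in zip(w, x)]
        if loss / len(rows) < tol:  # stop once the mean loss is small enough
            break
    return w, vocab

def judge(alarm, w, vocab, threshold=0.5):
    h = sigmoid(score(w, to_row(alarm, vocab)))
    return h, h >= threshold
```

An alarm whose type, asset, protocol and port were never seen in training is scored on its level alone, so its verdict carries little evidence and is better routed to an analyst than trusted.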
CN202111047170.1A 2021-09-07 2021-09-07 Autonomous learning judgment method and system for safety alarm event Pending CN113743512A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111047170.1A CN113743512A (en) 2021-09-07 2021-09-07 Autonomous learning judgment method and system for safety alarm event

Publications (1)

Publication Number Publication Date
CN113743512A (en) 2021-12-03

Family

ID=78736782

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111047170.1A Pending CN113743512A (en) 2021-09-07 2021-09-07 Autonomous learning judgment method and system for safety alarm event

Country Status (1)

Country Link
CN (1) CN113743512A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination